Editing Children's Online Privacy Protection Act (section)

==Background==
In the 1990s, [[E-commerce|electronic commerce]] was on its rise of popularity, but various concerns were expressed about the [[data collection]] practices and the impact of Internet commerce on user privacy—especially for children under 13, because very few websites had their own privacy policies.<ref name="MagidNewLaw00">{{cite web|url=http://articles.latimes.com/2000/apr/24/business/fi-22841/2|title=New Law Protects Kids Online, but It's No Substitute for Parenting|author=Magid, L.J.|date=24 April 2000|work=Los Angeles Times|url-status=dead|archive-url=https://web.archive.org/web/20151222134956/http://articles.latimes.com/2000/apr/24/business/fi-22841/2|archive-date=22 December 2015|access-date=22 June 2016}}</ref> The Center for Media Education petitioned the [[Federal Trade Commission]] (FTC) to investigate the data collection and use practices of the [[KidsCom]] website, and take legal action since the data practices violated Section 5 of FTC Act concerning "unfair/deceptive practices." With the passing of the Drivers Privacy Protection Act in 1997, new precedents had been set in regard to the ability of congress to regulate information held by state agencies.<ref>{{Cite web |title=Redirecting... |url=https://heinonline.org/HOL/Page?collection=journals&handle=hein.journals/sccj16&id=393&men_tab=srchresults |access-date=2022-03-26 |website=heinonline.org}}</ref> After the FTC completed its investigation, it issued the "KidsCom Letter" the report stated that the data collection and use practices were indeed subject to legal action.<ref name="WarmundCOPPA01">{{cite journal |author=Warmund, J. |url=https://ir.lawnet.fordham.edu/cgi/viewcontent.cgi?article=1212&context=iplj |title=Can COPPA Work? An Analysis of the Parental Consent Measures in the Children's Online Privacy Protection Act |journal=Fordham Intellectual Property, Media and Entertainment Law Journal |volume=11 |number=1 |date=2001 |access-date=22 June 2016}}</ref><ref name="FTCStaff97">{{cite web |url=https://www.ftc.gov/news-events/press-releases/1997/07/ftc-staff-sets-forth-principles-online-information-collection |title=FTC Staff Sets Forth Principles For Online Information Collection From Children |work=FTC Press Releases |publisher=Federal Trade Commission |date=16 July 1997 |access-date=22 June 2016}}</ref> This resulted in the need to inform parents about the risks of children's online privacy, as well as to parental consent necessity. This ultimately resulted in the drafting of COPPA.

The new millennium ushered in an era of regulation that many were simply unaware of. The early years of the transition were fraught with confusion and a lot of animosity. One of the main concerns of the time was the eventual accessibility of child-based websites at the fear many were unwilling to change their business practices.<ref>{{Cite journal |last=Davis |first=Joel J. |date=Autumn 2002 |title=Marketing to children online: A manager's guide to the Children's Online Privacy Protection Act |url=https://www.proquest.com/docview/231236782 |journal=S.A.M. Advanced Management Journal |volume=67 |pages=11–63|id={{ProQuest|231236782}} }}</ref> Many were left with a series of loose guidelines that determined what was correct.<ref>{{Cite journal |last=Reyes |first=Irwin |date=2018 |title="Won't Somebody Think of the Children?" Examining COPPA Compliance at Scale |url=https://petsymposium.org/2018/files/papers/issue3/popets-2018-0021.pdf |journal=Proceedings on Privacy Enhancing Technologies |volume=2018 |issue=3 |pages=63–83|doi=10.1515/popets-2018-0021 |s2cid=4935390 }}</ref> The simplification of COPPA provided by the FTC was met with a follow-up of demands to law enforcement that the: "... Commission should continue law enforcement efforts by targeting significant violations and seeking increasingly larger civil penalties, when appropriate, to deter unlawful conduct".<ref>{{Cite book |last=Commission. |first=United States. Federal Trade |url=http://worldcat.org/oclc/85854528 |title=Implementing the Children's Online Privacy Protection Act : a report to Congress |date=2007 |publisher=U.S. FTC |oclc=85854528}}</ref> A mandatory review of the COPPA regulations were conducted in 2005 (resulting with no changes to the original guidelines), found that there were no adverse effects to the online landscape.

The [[Federal Trade Commission]] (FTC) has the authority to issue regulations and enforce COPPA. Also, under the terms of COPPA, the FTC-designated "safe harbor" provisioning is designed to encourage increased industrial self-regulation. Under this provision, industry groups and others may request Commission approval of self-regulatory guidelines to govern participants' compliance, such that website operators in Commission-approved programs would first be subject to the disciplinary procedures of the safe harbor program in lieu of FTC enforcement. {{As of|June 2016|post=,}} the FTC has approved seven safe harbor programs operated by [[TRUSTe|TrustArc]], [[Entertainment Software Rating Board|ESRB]], [[CARU]], [[PRIVO]], [[Aristotle, Inc.]], Samet Privacy (kidSAFE), and the Internet Keep Safe Coalition (iKeepSafe).<ref name="ThomasFTCAug14">{{cite web |url=http://www.winston.com/en/privacy-law-corner/ftc-approves-ikeepsafe-s-coppa-safe-harbor-program.html |title=FTC Approves iKeepSafe's COPPA Safe Harbor Program |author=Thomas, L.M. |work=Privacy Law Corner |publisher=Winston & Strawn LLP |date=19 August 2014 |access-date=22 June 2016 |archive-date=September 21, 2016 |archive-url=https://web.archive.org/web/20160921122319/http://www.winston.com/en/privacy-law-corner/ftc-approves-ikeepsafe-s-coppa-safe-harbor-program.html |url-status=dead }}</ref><ref name="ThomasFTCFeb14">{{cite web |url=http://www.winston.com/en/privacy-law-corner/ftc-approves-sixth-coppa-safe-harbor-program.html |title=FTC Approves Sixth COPPA Safe Harbor Program |author=Thomas, L.M. |work=Privacy Law Corner |publisher=Winston & Strawn LLP |date=20 February 2014 |access-date=22 June 2016}}</ref> In August 2021, [[Aristotle, Inc.]] withdrew from the safe harbor program after FTC staff expressed serious concerns about its enforcement of its safe harbor provisions and communicated their intent to recommend the revocation of Aristotle's approval to run a safe harbor program. The FTC also announced its intention to more closely scrutinize the practices of the other six present safe harbors.<ref name="FTCAug4">{{cite web |url=https://www.ftc.gov/news-events/press-releases/2021/08/aristotle-removed-from-ftc-approved-childrens-privacy-programs |title=Aristotle Removed from List of FTC-Approved Children's Privacy Self-Regulatory Programs |work=FTC Press Releases |publisher=Federal Trade Commission |date=4 August 2021 |access-date=2 September 2021}}</ref>

In September 2011, the FTC announced proposed revisions to the COPPA rules, the first significant changes to the act since the issuance of the rules in 2000. The proposed rule changes expanded the definition of what it meant to "collect" data from children. The proposed rules presented a [[data retention]] and deletion requirement, which mandated that data obtained from children be retained only for the amount of time necessary to achieve the purpose that it was collected for. It also added the requirement that operators ensure that any third parties to whom a child's information is disclosed have reasonable procedures in place to protect the information.<ref name="KardellFTC11">{{cite web |url=http://www.natlawreview.com/article/ftc-will-propose-broader-children-s-online-privacy-safeguards |title=FTC Will Propose Broader Children's Online Privacy Safeguards |work=[[The National Law Review]] |publisher=Ifrah PLLC |date=22 December 2011 |access-date=22 June 2016}}</ref>

The act applies to websites and online services operated for commercial purposes that are either directed toward children under 13 or have actual knowledge that children under 13 are providing information online. Most recognized non-profit organizations are exempt from most of the requirements of COPPA.<ref name="FTC_COPPA_FAQ" /> However, the [[Supreme Court of the United States|Supreme Court]] ruled that non-profits operated for the benefit of their members' commercial activities are subject to FTC regulation and consequently COPPA as well.<ref>{{cite web |url=https://supreme.justia.com/cases/federal/us/526/756/case.html |title=FTC v. California Dental Association, 526 U.S. 756 (1999) |publisher=Justia |date=24 May 1999 |access-date=22 June 2016}}</ref> The type of "verifiable parental consent" that is required before collecting and using information provided by children under 13 is based upon a "sliding scale" set forth in a [[Federal Trade Commission]] regulation<ref name="FTC16CFR312">{{cite journal |url=http://www.ftc.gov/os/1999/10/64fr59888.pdf |archive-url=https://web.archive.org/web/20131029192159/http://www.ftc.gov/os/1999/10/64fr59888.pdf |title=16 CFR Part 312 Children's Online Privacy Protection Rule; Final Rule |journal=Federal Register |author=Federal Trade Commission |volume=64 |issue=212 |pages=59888–59915 |date=3 November 1999 |archive-date=29 October 2013 |access-date=22 June 2016}}</ref> that takes into account the manner in which the information is being collected and the uses to which the information will be put.

COPPA 2.0 was introduced to expand the age range covered by COPPA to minors under 17. It was introduced in the Senate alongside the Kids Online Safety Act (KOSA). Both KOSA and COPPA 2.0 passed the Senate on a 91–3 vote on July 30, 2024.<ref name=COPPA2>https://www.mofo.com/resources/insights/240812-u-s-senate-approves-legislation-to-protect-youth-online</ref> COPPA 2.0 would have required youth aged 13, 14, 15 or 16 to consent to the processing of their own data, but would not have required the parents of 13-16 year olds to consent to the data processing. <ref>https://www.mofo.com/resources/insights/240812-u-s-senate-approves-legislation-to-protect-youth-online</ref> COPPA 2.0, as well as KOSA, had not passed the House when the 118th US Congress expired on January 3, 2025. <ref>https://www.cpr.org/2024/12/30/kids-online-safety-act-failed-to-pass/</ref>